Skip to content

docs: nudge users into using partially encrypted config files #1005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aduh95 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

docs: nudge users into using partially encrypted config files #1005

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4049c8d
docs: nudge users into using partially encrypted config files
aduh95 Nov 16, 2025
ab688cc
Split token suggestions in 2
aduh95 Dec 9, 2025
9dc54d4
fixup!
aduh95 Dec 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 34 additions & 26 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,18 +76,29 @@ Optionally, if you want to grant write access so `git-node` can write comments:

You can also edit the permission of existing tokens later.

After the token is generated, create an rc file with the following content:
(`~/.ncurc` or `$XDG_CONFIG_HOME/ncurc`):

```json
{
"username": "your_github_username",
"token": "token_that_you_created"
}
After the token is generated, you can give it to NCU using:

<details open name="set-token"><summary>With encryption (Recommended)</summary>

```sh
ncu-config set username your_github_username
# Do not provide the token in the CLI, `ncu-config` will prompt you for it.
ncu-config set -x token
```

Note: Encryption is available only if you have `gpg` setup on your machine.

</details>

<details name="set-token"><summary>Without encryption</summary>

```sh
ncu-config set username your_github_username
# Do not provide the token in the CLI, `ncu-config` will prompt you for it.
ncu-config set token
```

Note: you could use `ncu-config` to configure these variables, but it's not
recommended to leave your tokens in your command line history.
</details>

### Setting up Jenkins credentials

Expand All @@ -108,27 +119,24 @@ To obtain the Jenkins API token
`~/.ncurc.gpg` or `$XDG_CONFIG_HOME/ncurc.gpg`) with `jenkins_token` as key,
like this:

```json
{
"username": "your_github_username",
"token": "your_github_token",
"jenkins_token": "your_jenkins_token"
}
<details open name="set-jenkins-token"><summary>With encryption (recommended)</summary>

```sh
ncu-config set -x jenkins_token
```

### Protecting your credentials
Note: Encryption is available only if you have `gpg` setup on your machine.

If you have `gpg` installed and setup on your local machine, it is strongly recommended
to store an encrypted version of this file:
</details>
<details name="set-jenkins-token"><summary>Without encryption</summary>

```sh
ncu-config set jenkins_token
```

```console
$ gpg --default-recipient-self --encrypt ~/.ncurc
$ rm ~/.ncurc
```
</details>

The credentials are now encrypted in `~/.ncurc.gpg` and everytime it's needed,
node-core-utils will invoke `gpg` that may ask you to decrypt it using
your default key via pinentry.
### Protecting your credentials

Put the following entries into your
[global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile)
Expand Down
Loading